IN THE CLAIMS:

Claims 1-24 (Canceled). 
Claim 25 (Currently Amended): A multi-level secure network having a plurality of host computers
accessible to users and connected to a network medium that has access to an untrusted line, the secure
network comprising:

a network security controller for [[enabling a security officer to generate at least one user profile]]
generating a plurality of user profiles for a single [[each]] user and for sending [[at least one user profile]]
one of said plurality of user profiles as selected by the user to security devices connected to the network
medium, [[each]] at least one of said plurality of user profiles defining a plurality of destinations
[[at least one destination]] which the user is authorized to access through discretionary access control and
mandatory access control security mechanisms, wherein a plurality of user profiles define virtual private
networks of communication comprising subsets of host computers; and,

security devices connected to the network medium for receiving the user profiles generated at
the network security controller as selected by the user and for implementing security mechanisms associated
with the user profiles, each security device associated with one host computer, each security device having an
authorization device for authorizing users at the associated host computer, the security device permitting the
authorized user, via the associated host computer, to select one of said plurality of user profiles
[[a user's profile]] associated with the user and for restricting access of the host computer to the
[[at least one destination]] destinations defined in the selected user's profile.
Claim 26 (Original): The network of claim 25, wherein the at least one destination comprises at
least one other host computer of the network or the untrusted line. 

Claim 27 (Previously Amended): The network of claim 25, wherein the security device, when 
implementing security mechanisms, allows the host computer to connect to a trusted destination. 

Claim 28 (Currently Amended): The network of claim 25, wherein the security device, when not
implementing security mechanisms, allows [[when]] the host computer [[connects to]] to connect to an untrusted
destination.

Claim 29 (Original): The network of claim 25, wherein the untrusted line comprises the Internet. 

Claim 30 (Original): The network of claim 25, wherein a user cannot simultaneously communicate 
with a trusted destination and an untrusted destination. 

Claim 31 (Original): The network of claim 25, wherein a user is prevented from simultaneously 
connecting to destinations having different security levels. 

Claim 32 (Original): The network of claim 25, wherein a user can only select one profile at a time. 

Claim 33 (Canceled) 
Claim 34 (Original): The network of claim 25, wherein security is implemented at a network layer of
protocol hierarchy. 

Claims 35 - 36 (Cancelled) 

Claim 37 (Original): The network of claim 25, wherein the security devices are integrated with the 
associated host computer. 

Claim 38 (Currently Amended): A method for operating a multi-level secure network having a plurality
of host computers accessible to users and a network security controller, each of which are connected to a
network medium that has access to an untrusted line, the method comprising:

generating [[at least one user]] at the network security controller a plurality of user profiles for
[[each]] at least one user, [[each]] at least one of the user profiles defining multiple destinations
[[at least one destination]] which the user is authorized to access through discretionary access control and
mandatory access control security mechanisms, to define virtual private networks of communication comprising
subsets of host computers;

authorizing a user at a host computer;

[[determining, at the host computer, the at least one user profile associated with the authorized]]
permitting, at the host computer, the authorized user to select one of said plurality of user profiles
[[a user's profile]] associated with the user; [[and]]

sending one of said plurality of user profiles from said network security controller, as selected
by the authorized user, to said host computer; and

restricting access of the host computer to the [[at least one]] destinations defined in the selected
user's profile.

Claim 39 (Currently Amended): The method of claim 38, wherein each of the destinations comprise
[[the at least one destination comprises at least one]] other host computers of the network or the untrusted line.

Claim 40 (Previously Amended): The method of claim 38, further comprising the step of implementing 
a security mechanism to enable the host computer to connect to a trusted destination. 

Claim 41 (Original): The method of claim 38, further comprising the step of not implementing security 
mechanisms when the host computer connects to an untrusted destination. 

Claim 42 (Original): The method of claim 38, wherein the untrusted line comprises the Internet. 

Claim 43 (Original): The method of claim 38, wherein a user cannot simultaneously communicate with 
a trusted destination and an untrusted destination. 

Claim 44 (Original): The method of claim 38, wherein a user is prevented from simultaneously 
connecting to destinations having different security levels. 
Claim 45 (Original): The method of claim 38, wherein a user can only select one profile at a time.

Claim 46 (Canceled)

Claim 47 (Original): The method of claim 38, wherein security is implemented at a network layer of
protocol hierarchy. 

Claim 48 (Cancelled) 

Claim 49 (Original): The method of claim 38, wherein the destination in a user's profile correspond to 
a level of security granted the user. 

Claims 50 - 53 (Cancelled) 

Claim 54 (Currently Amended): A multi-level secure network having a plurality of host computers
accessible to users and interconnected with [[a non-secure communication medium such as]] the Internet, the
secure network comprising:

a network security controller for enabling a security officer to generate [[at least one]] a plurality
of user profiles for at least one of a plurality of users [[each user]], each user profile defining at least one
destination which [[the]] a user is authorized to access, and for sending a user profile to a security device, as
selected by an authorized user; and,

security devices connected with said host computers for receiving from the security officer the
user profiles generated at the network security controller, each security device associated with one host
computer, each security device having an authorization [[device]] system for authorizing users at the associated
host computer, the security device permitting the authorized user, via the associated host computer, to select
one of the plurality of user profiles [[a user's profile]] associated with the user and for restricting access of the host
computer to the at least one destination defined in the selected user's profile, and wherein each security device
includes a communication control system to control access of the host computer to the communication
medium, said communication control system including a data storage device for storing data provided by said
host computer in a memory space, and for transferring data out of said memory space while making the
transferred data inaccessible to said host computer.

Claims 55 - 58 (Cancelled) 

Claim 59 (Currently Amended): The secure network of claim 25 wherein said network security
controller includes means for [[changing user profiles and]] sending updated user profiles to said security
devices.

Claims 60 - 68 (Cancelled) 

Claim 69 (Currently Amended): A method for controlling a sending computer to transmit 
information to a receiving computer over a computer network, the method comprising: 
providing a security device at each sending computer and receiving computer;

setting user identification information at each security device for enabling a user to access 
the computer associated with the security device; 

setting a plurality of user profiles at one or more of the security devices to enable a user to
select one of said plurality of user profiles;

providing a network security controller on said computer network for receiving from said
security device the identification of an authorized user and the selected user profile and for forwarding the
selected [[establishing one or more]] user profile[[s at each]] to the security device for said authorized user,
including providing discretionary access control and mandatory access control policies for each user
profile;

receiving information to be transmitted from the sending computer to the receiving 
computer at the sending computer security device; 

implementing security mechanisms at a network layer of ISO protocol hierarchy to 
determine whether communication is authorized from the sending computer to the receiving computer by 
determining if the receiving computer is in a transmit list and consistent with a transmit security window 
through discretionary access control and mandatory access control, respectively and, if either condition is 
not satisfied then terminating the transmission of information and sending termination notice to the network 
security controller, otherwise encrypting the information to be transmitted; and

transmitting the encrypted information to the security device of the receiving computer 
over the computer network. 
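The two-stage authorization recited in claim 69, as an added illustrative model and not code from the patent or its specification: a send is permitted only if the receiving computer is on the selected profile's transmit list (the discretionary check) and its security level lies inside the profile's transmit security window (the mandatory check); either failure terminates the transmission and records a notice for the network security controller, which is the event claim 71 audits. The model also folds in the constraints of claims 30-32, 45 and 74-75 by letting the security device hold exactly one selected profile and refusing a profile switch while a connection is open. The `Profile` layout, the level ordering, the host names and the notice format are assumptions; encryption of authorized traffic is not modeled.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Assumed total ordering of security levels, lowest first (not from the patent).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Profile:
    """One user profile as the network security controller (NSC) would push it."""
    name: str
    transmit_list: FrozenSet[str]   # DAC: destinations the user may reach
    window_low: str                 # MAC: lowest permitted destination level
    window_high: str                # MAC: highest permitted destination level


@dataclass
class SecurityDevice:
    """Per-host security device holding the profiles the NSC sent for the
    authorized user; exactly one profile is selected at any time."""
    host: str
    profiles: Dict[str, Profile]
    selected: Optional[str] = None
    open_connections: Set[str] = field(default_factory=set)
    notices: List[str] = field(default_factory=list)   # termination notices for the NSC

    def select_profile(self, name: str) -> None:
        # One profile at a time. Switching while a connection is open would let
        # the user bridge two security levels, so the switch is refused.
        if self.open_connections:
            raise RuntimeError(
                f"{self.host}: close {sorted(self.open_connections)} before switching profiles")
        if name not in self.profiles:
            raise KeyError(f"{self.host}: profile {name!r} not provisioned for this user")
        self.selected = name

    def authorize_transmit(self, dest: str, dest_level: str) -> Tuple[bool, str]:
        """Apply the two checks of claim 69 to a send from this host to dest.
        Returns (allowed, reason); a denial is also recorded as a notice."""
        if self.selected is None:
            return self._deny(dest, "no profile selected")
        prof = self.profiles[self.selected]
        # Discretionary access control: is the destination on the transmit list?
        if dest not in prof.transmit_list:
            return self._deny(dest, f"{dest} not in transmit list of {prof.name}")
        # Mandatory access control: is the destination's level inside the window?
        # An unknown level fails closed rather than defaulting to "allowed".
        if dest_level not in LEVELS:
            return self._deny(dest, f"unknown security level {dest_level!r}")
        if not LEVELS[prof.window_low] <= LEVELS[dest_level] <= LEVELS[prof.window_high]:
            return self._deny(dest, f"{dest} at {dest_level} outside window "
                                    f"{prof.window_low}..{prof.window_high}")
        self.open_connections.add(dest)
        return True, f"{dest} authorized under {prof.name}; encrypt and transmit"

    def close_connection(self, dest: str) -> None:
        self.open_connections.discard(dest)

    def _deny(self, dest: str, why: str) -> Tuple[bool, str]:
        notice = f"TERMINATED {self.host}->{dest}: {why}"
        self.notices.append(notice)   # forwarded to the NSC for audit
        return False, notice


def demo() -> SecurityDevice:
    """Constructed scenario: two profiles provisioned for one user on host 'ws-07'.
    Host names, levels and profile contents are made up for illustration."""
    dev = SecurityDevice(host="ws-07", profiles={
        "payroll": Profile("payroll", frozenset({"hr-db", "payroll-app"}),
                           "CONFIDENTIAL", "SECRET"),
        "internet": Profile("internet", frozenset({"gateway"}),
                            "UNCLASSIFIED", "UNCLASSIFIED"),
    })
    dev.select_profile("payroll")
    dev.authorize_transmit("hr-db", "SECRET")        # allowed: on list, inside window
    dev.authorize_transmit("hr-db", "TOP_SECRET")    # denied by the MAC window
    dev.authorize_transmit("mail-server", "SECRET")  # denied by the DAC transmit list
    return dev


if __name__ == "__main__":
    for notice in demo().notices:
        print(notice)
```

The order of the checks matters little for correctness, but failing closed on an unrecognised level and refusing a profile switch with connections open are the two places where a looser implementation would quietly violate the separation the claims describe.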
Claim 70 (Previously Presented): The method of claim 69 further comprising the step of changing
user profiles at the network security controller and updating available user profiles at a security device. 

Claim 71 (Previously Presented): The method of claim 69 further comprising the step of auditing 
the termination of transmission of information at the network security controller. 

Claim 72 (Cancelled) 

Claim 73 (Currently Amended): The method of claim 69 wherein said computer network includes
[[an untrusted network such as]] the Internet.

Claim 74 (Previously Presented): The method of claim 69 wherein each security device prevents 
simultaneous connection at different security levels established by mandatory access controls. 

Claim 75 (Previously Presented): The method of claim 69 wherein each security device prevents 
simultaneous connection to trusted and untrusted networks. 

Claims 76 - 84 (Cancelled) 

Claim 85 (New): The network of claim 25 wherein said security devices include means for
enabling a plurality of user profiles to be set for a single user.
Claim 86 (New): The network of claim 85 wherein said plurality of user profiles to be set for a
single user is specific to a particular host computer associated with the security device.

Claim 87 (New): The network of claim 85 wherein at least one of said plurality of user profiles
enables access to a plurality of destinations.

Claim 88 (New): The network of claim 54 wherein at least one of said plurality of user profiles
includes a plurality of destinations.

Claim 89 (New): The network of claim 88 wherein said network security controller enables the
security officer to generate different user profiles at different security devices for a single user.